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(54) Procede de communication avec un support porta Uf. 

(§7) Procede de communication entre une unite de traite- 
ment associ6e a un programme applicatif et des supports 
d'informations portabfs de types differents. II consiste a 
ajouter une couche de communication entre le programme 
applicatif et les supports, afin de n'utiliser qu'un seul proto- 
cole de communication dans le programme applicatif pour 
accgder aux supports quel que sort feur type. 
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PROCEDE DE COMMUNICATION AVEC UN 
SUPPORT PORTATIF 



L 1 invention concerne les supports portatifs tels 
que les cartes a memoire de masse ou les cartes a puce 
de type carte de credit. Elle s' applique notanunent aux 
microordinateurs . 

Les cartes a memoire de masse amovibles ont fait 
leur apparition recemment comme accessoires des 
ordinateurs personnels ou microordinateurs, surtout pour 
les ordinateurs portables. Elles pourraient remplacer 
dans l'avenir les disquettes et autres moyens de 
stockage de masse de type magnetique. Elles peuvent 
servir de memoire de masse d'aussi grande capacite que 
les disquettes magnet iques (ordre de grandeur : le 
million d' octets) ; leur encombrement n'est pas plus 
grand puisqu' elles ont le format carte de credit avec 
une epaisseur de 3 a 5 millimetres, et elles sont 
beaucoup plus rap ides d'acces (plusieurs milliers de 
fois plus rapides) . 

Elles peuvent meme servir de memoire vive de 
programme directement executable par l'ordinateur per- 
sonnel. Dans ce cas, contra ireroent aux memoires de masse 
magnetiques, elles n'ont pas a etre chargees dans la 
memoire vive (RAM) du PC pour etre executees ensuite. 
Les programmes qu'elle contient sont executables direc- 
tement par l'ordinateur personnel. 

Les cartes a memoire de masse, parfois appelees 
encore PC-cards, comportent plusieurs puces de memoire 
et un connecteur en bout de carte (connecteur femelle de 
68 broches selon la norme PCMCIA de "Personal Computer 
Memory Card International Association" 1030B East Duane 
Avenue, Sunnyvale, California) . La carte est enf ichable 
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dans un connecteur correspondant (mSle de l'ordinateur). 
Les connexions sont telles que la memoire puisse etre 
adressee par un port d 'entree-sortie parallele du PC, 
comme si la memoire etait une memoire de masse magne- 
tique, c'est-a-dire comme si elle etait une extension de 
memoire vive de l'ordinateur. 

Ces cartes enfichables, outre leur fonction de 
memoire, peuvent offrir des f onctionnalites supplemen- 
taires, comme par exemple des fonctions de communica- 
tion. D'autres, qualifiees d 1 intelligentes, comportent 
un microprocesseur capable d'executer lui-meme des 
programmes contenus en memoire RAM de la carte. II est 
aussi prevu, dans le cas de ces cartes intelligentes, 
que l'ordinateur puisse charger directement dans une 
memoire de la carte des f ichiers directement executables 
par le microprocesseur. 

L'espace memoire de ces cartes a memoire & 
connecteur en bout est formate de la meme maniere que 
les disquettes magnetiques, selon le systeme 
d' exploitation associe au microordinateur . Dans un 
exemple oQ le systeme d' exploitation est le systeme DOS 
(Disc Operating system) bien connu, l'espace memoire est 
ainsi divise en secteurs ou segments. Et cet espace 
memoire est adresse comme celui d'une disquette 
magnetique : a titre d' exemple l'accds en lecture du 
Seme secteur se fait en activant 1 ' interruption DOS de 
lecture associe, avec comme arguments ce numero de 
secteur et le nombre d' octets a lire. 

II est aussi possible d'utiliser des registres de 
commande d'un microordinateur pour effectuer des acces. 
On se reportera eventuellement au document "PMCIA Socket 
Services Interface Specification" diffuse par "Personal 
Computer Memory Card International Association" dej& 
cite. 
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Un protocole de communication entre ces cartes et 
un programme applicatif d'un microordinateur permet au 
microordinateur d'acceder a l'espace memo ire PCMCIA et 
d'executer des commandes de haut niveau : 

5 initialisation/configuration de la 

carte, lecture/ecriture/ef f acement de donnees... 

II existe par ailleurs d'autres types de supports 
portatifs qui sont les cartes a puces a contacts aff leu- 
rants, largement utilisees dans le grand public pour des 

10 applications telles que: cartes telephoniques, cartes 
d'acces a des locaux securises, cartes bancaires, etc.,. 
Ces cartes ne comportent genera lement qu'une puce de 
circuit-integre (bien qu'il ne soit pas exclu qu 1 elles 
en aient plusieurs) . Les contacts ne sont plus en bout 

15 de carte, mais sur une des faces principales planes de 
la carte. Les contacts sont peu nombreux, entre six et 
huit en general. Ces cartes sont beaucoup plus minces 
que les cartes a memo ire au standard PCMCIA: leur 
epaisseur est de l'ordre du millimetre, au lieu de 3 a 5 

20 millimetres. Elles sont destinees a etre inserees dans 
des lecteurs specialises selon les applications : 
cabines telephoniques , portillons d'acces pour les 
cartes d'acces, distributeurs de billets pour les cartes 
bancaires, etc. Elles comportent un espace raemoire gere 

25 par un microcontroleur ou un microprocesseur integre. 

Dans certains cas, les cartes a puces peu vent etre 
raccordees a un microordinateur, pour assurer la secu- 
rite d 1 utilisation de celui-ci. Un lecteur de carte a 
puce est alors raccorde au microordinateur. 

3 0 Le protocole de communication entre ces cartes et 

un programme applicatif d'un microordinateur ou d'une 
quelconque machine de traitement suit les normes ISO 
7816-3 et 7816-4* De maniere specif iee, selon ces normes 
et comme represents sur la figure 4a, la structure d'un 
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message de commande avec couche de transport comprend un 
entete P, un bloc de donnees INF et une information E de 
controle de transmission ("cheksum" en litterature 
anglo-saxonne) . L 1 entete P comprend l'adresse NAD du 
lecteur de la carte a puce, le type PCB de bloc de 
donnees (donnees applicatives, d'acquittements ou de 
supervisions) et la longueur LEN du bloc de donnees. Le 
bloc de donnees INF est lui-meme structure en un en-tete 
H, et un corps de message B. L' entete contient la classe 
de l 1 instruction (CLA) , le code de 1 * instruction (INS) 
et l^dresse dans l'espace memoire de la carte a puce a 
laquelle on veut acceder (PI, P2) . Le corps du message 
comprend le nombre d 1 octets (Lc) du message, les octets 
du message (DATA) et le nombre maximum d 1 octets (Le) du 
message attendus dans la reponse. 

La classe de 1 1 instruction identifie la structure 
exacte du message: 

- sans corps de message: type 1; 

- avec un corps de message comprenant le nombre 
d 1 octets (Lc) du message et le message (pas de 
reponse attendue) : type 2 (par exemple, ecriture 
de donnees) ; 

- avec un corps de message ne comprenant que le 
nombre maximum d 1 octets (Le) du message attendu 
dans la reponse: type 3 (par exemple, lecture de 
donnees) ; 

- avec un corps de message complet : type 4. 

Le microordinateur peut ainsi faire executer par la 
carte & puce des commande du type : 

- lecture/ecriture/ef facement de donnees dans un 
fichier el6mentaire; 

- verification de signatures 61ectroniques; 

- chiffrement, d§chif frement. 

En reponse la carte a puce renvoie un message dont 
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la structure de la couche de transport est identique a 
celle du message de comraande, et ou le bloc de donnees 
INF comprend les octects de la reponse (DATA) et un code 
d'etat (STATUS), le nombre total d' octets du bloc de 
donnees etant donne par la longueur LEN dans l'entete P. 
Cette structure du message de reponse est representee 

sur la figure 4b. 

On a pense, selon 1' invention, qu'il serait utile 
d • unif ormiser les protocoles de dialogue avec les cartes 
a puces et les cartes de type PCMCIA, afin de faci liter 
leur usage mixte. 

Dans ce but, il a deja ete propose un lecteur de 
carte pour microordinateurs qui possede une fente 
d' insertion de carte et des moyens pour se connecter, 
soit sur un connecteur en bout de carte a memo ire, soit 
sur des contacts affleurants d'une carte a puce. Ce 
lecteur comporte ainsi un premier connecteur place au 
fond de la fente d 1 insertion pour recevoir une carte a 
memoire a connecteur en bout et un deuxieme connecteur 
pour cartes a puce a contacts affleurants, place sur une 
des faces principales de la fente. 

Pour faciliter encore une utilisation generalisee 
des cartes a puce a contacts affleurants, 1« invention 
propose un procede de communication qui permet a un 
microordinateur d'acceder indif feremment a un lecteur de 
carte a memoire a connecteur en bout ou a un lecteur de 
carte a puce a contacts affleurants, sans avoir a se 
soucier du type de support portatif ainsi accede. 

Selon le procede de 1' invention, un programme 
applicatif dans le microordinateur utilise un seul 
protocole de communication entre le programme applicatif 
et les supports portatifs. Inversement, les messages que 
le programme applicatif recoit de ces supports suivent 
le meme protocole de communication, grace a cette couche 
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de communication . 

Un tel procede permet a un utilisateur d'acceder 
tres facilement aux differents types de cartes, puis- 
qu'il rend ce type transparent pour 1 ' utilisateur . 

5 Selon 1' invention, le procede de communication 

consiste a a j outer une couche de communication entre un 
programme applicatif du microordinateur et des supports 
d 1 informations de types differents, afin de n'utiliser 
qu'un seul protocole de communication pour acceder aux 

10 supports, quel que soit leur type. La couche de communi- 
cation met en oeuvre principalement les etapes 
suivantes, sur reception d'un message du programme 
applicatif: 

- extraction dans le message de l'adresse du lecteur 
15 du support; 

- detection de presence d'un support a cette adresse 
et" identification du type correspondant; 

- dans le cas oil le support est du type carte a puce 
a contacts affleurants ou carte a memoire intelli- 

20 gente a connecteur en bout, transmission directe du 

message au support; 

- dans le cas oil le support est du type carte a 
m&moire ci connecteur en bout, analyse du message et 
codage pour le rendre compatible avec le support. 

25 D'autres caracteristiques et avantages sont presen- 

tes dans la description qui suit a titre indicatif et 
non limitatif de 1' invention, en reference aux dessins 
et documents annexes dans lesquels : 

- la figure 1 est une illustration d'une carte a 
30 m§moire a connecteur en bout; 

- la figure 2 est une illustration d*une carte a puce 
a contact affleurants; 

- les figures 3a et 3b repr6sentent un lecteur 
bistandard dans lequel on introduit 
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(a) une carte PCMCIA; 

(b) une carte a puce; 

- les figures 4a et 4b representent respect ivement la 
structure de message de commande et de reponse avec 
une couche de transport selon les norroes ISO 7816-3 
et -4 et 

- la figure 5 est un organigramme du procede selon 
1' invention, 

Sur la figure 1, une carte 10 du type PCMCIA est 
representee, Cette carte pour microordinateur est 
enfichable. Elle comporte un connecteur en bout 11. 
Cette carte a une epaisseur el de l'ordre de 3 a 5 
millimetres, pour une largeur d« environ 5cm et une 
longueur d 1 environ 8cm. On parlera par la suite de carte 
PCMCIA. 

Sur la figure 2, une carte 20 du type carte a puce 
est representee. Son epaisseur e2 est infer ieure au 
millimetre. Cette carte a puce possede un connecteur 21 
a contacts aff leurants place sur une des faces principa- 
ls planes de la carte. Ce connecteur est class iquement 
constitue d'un petit nombre (en general six a huit) de 
surfaces de contact individuelles placees cdte-a-cote. 

Dans le cas de la carte PCMCIA, le contact avec 
l'exterieur se fait par enfichage de 68 broches mSles 
dans des logements femelles, comme represents sur la 
figure 3a. 

Dans le cas de la carte a puce, et comme represents 
sur la figure 3b, il se fait par pressions de lames de 
contact contre les 6 a 8 surfaces de contact individuel- 
les de la carte. Les lames peuvent etre en forme de 
balais venant frotter sur les surfaces de contact du 
connecteur 21, ou en forme de bossages 32 venant 
s'appuyer sur ces surfaces. 

Un microordinateur ayant les lecteurs appropries 
peut ainsi se connecter a des cartes PCMCIA ou a des 
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cartes & puce* Mieux, il peut comporter un lecteur mixte 
du type represents sur les figures 3a et 3b, qui peut 
lire ou bien une carte PCMCIA ou bien une carte a puce. 
Un tel lecteur est decrit dans la demande de brevet FR 

5 92 01470 deposee au nom de la Demanderesse. 

II possede principalement une fente 30 d' insertion de 
carte, des moyens 31 pour se connecter sur un connecteur 
en bout de carte a memoire, et des moyens 32, 3 3 pour se 
connecter sur des contacts affleurants d'une carte a 

10 puce, Le lecteur comporte ainsi un premier connecteur 31 
au fond de la fente d 1 insertion pour recevoir une carte 
a memoire i. connecteur en bout (figure 3a) et un 
deuxieme connecteur 3 2 pour cartes a puce a contacts 
affleurants place sur une des faces principales de la 

15 fente (figure 3b) . 

Mais le microordinateur qui veut acceder a ces 
differents supports portatifs inseres dans des fentes de 
lecteur s de type carte a puce, PCMCIA ou mixtes, doit 
utiliser le protocole de communication approprie. 

20 Notamment la carte PCMCIA suit le protocole de 

communication associe au systeme d' exploitation du 
microordinateur, comme toute memoire de masse . La carte 
a puce suit elle un protocole specifique conforme aux 
normes ISO 7816-3 et 4 deja decrit en reference aux 

25 figures 4a et 4b qui montrent la structure du message de 
commande et de reponse avec couche de transport selon 
ces normes. 

Dans l f invention, un procede de communication va 
permettre au microordinateur de traiter indif f eremment 
30 ces differents supports portatifs. 

Un programme applicatif lance par le microordina- 
teur utilise selon 1* invention un seul protocole de 
communication avec les supports portatifs. Dans un 
exemple, c'est le protocole de communication des cartes 
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a puce qui est retenu. 

Une couche de communication entre le programme 
applicatif et un support amovible regoit les commandes 
du programme applicatif selon ce protocole de communica- 
5 tion. 

On rappelle que la structure d*un message de 
commande repondant aux normes ISO comprend (figure 4 -a) : 

- un entete P contenant notamment 1 1 adresse NAD du 
lecteur destinataire, 

10 - un bloc de donnees INF contenant la commande, 

- une information E de controle de transmission. 

La couche de communication selon 1 1 invention met 
alors en oeuvre les etapes suivantes : 

- extraction de 1' adresse NAD du lecteur 
15 destinataire ; 

- detection de presence d'une carte a cette adresse; 

- si une carte est presente et si elle est du type 
carte a puces, transmission directe du message de 
commande au lecteur; 

2 0 - si une carte est presente et si elle est du type 

carte PCMCIA, analyse du bloc de donnees INF 
contenant la commande pour la mettre au format 
correspondant . 

- si il n'y a pas de carte, renvoi d'un message de 
25 reponse : "carte absente" au programme applicatif. 

La detection de presence d'une carte ainsi que la 
determination de son type peuvent etre effectuees par 
des moyens mecaniques, optiques ou magnetiques. Par 
exemple un petit contacteur electrique est actionne par 

3 0 la connexion de la carte sur son connecteur. 

Si la carte est du type carte PCMCIA, 1' analyse de 
la commande consiste alors a extraire les differentes 
informations du bloc de donnees INF (figure 4a) 
contenant la commande pour en deduire le contenu des 
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differents parametres de cette commande. Le bloc de 
donnees INF est de la forme : 

H B 



CLA 



INS 



PI 



P2 



Lc 



DATA Le 



avec un en-tete H const itue des elements references CLA, 
INS, PI, P2 et un corps de message B const itue des ele- 
ments references Lc, DATA, Le 
10 oil : 

CLA : est le type de 1 1 instruction 
INS : est le code de 1 1 instruction 
PI donnent l'adresse de base de 1* element 

P2 : memoire oil l'on veut acceder 
15 Lc : est le nombre d 1 octets de 1' element DATA 

DATA : sont les donnees transmises 
Le : est le nombre maximum d' octets attendu 

dans la reponse. 
L 1 instruction peut etre de 4 types (parametres 

20 CLA) . 

Le type 1 correspond a un message constitue seulement 
par un entSte (exemple d' instruction - initia- 
lisation de la carte) ; 

Le type 2 correspond a un message comprenant I'entete et 
25 les Elements Lc et DATA (exemple d 1 instruc- 

tion: ecriture) ; 

Le type 3 correspond a un message comprenant l'entete et 
1* element Le (exemple d 1 instruction : lec- 
ture) ; 

30 Le type 4 correspond au message complet (exemple d 1 ins- 
truction : lecture/ ecriture) . 
Si le support amovible adresse concerne une carte 
du type PCMCIA, la couche de communication va analyser 
le message au format ISO pour le traduire au format 




2701133 



11 

PCMCIA. 

Dans un exemple, pour une commande de lecture, au 
format ISO, le champ CLA indique que 1 1 instruction est 
du type 3. Le bloc de donnee INF est constitue par 
5 consequent des champs suivants : 

H B 



CLA 


INS 


PI 


P2 




Le 



Ce sont les parametres PI, P2 qui donnent au 
10 systeme d 1 exploitation l'adresse de base de 1' element de 
memoire que 1'on veut lire et c'est le champ Le qui 
donne le nombre d* octets a lire. 

Les parametres de la commande PCMCIA 
correspondante, lorsque par exemple la carte PCMCIA est 
15 formatee sous le systeme DOS sont alors : 

le code d' instruction donne par le champ INS , 
le numero de secteur donne par les champs PI, P2, 
le nombre d' octets a lire donnes par le champ Le. 
Par exemple dans le systeme d 1 exploitation DOS, si 
20 le code instruction qui se trouve dans le champ INS est 
le code de lecture, le systeme execute la commande de 
lecture a partir du numero de secteur donne par PI et P2 
et du nombre d 1 octets a lire donne par Le. 

En ce qui concerne les reponses, en reprenant 
25 1' exemple de 1 1 instruction de lecture, la carte PCMCIA 
renvoie les Le octets lus et le code d'etat. 

La couche de communication selon l 1 invention re<?oit 
done ces Le octets de reponse de la carte PCMCIA et le 
code d'etat. Elle presente ces Le octets et le code 
3 0 d'etat selon le format de reponse avec la couche de 
transport pour les renvoyer au programme applicatif du 
microordinateur , soit selon le format suivant : 





P 




INF 


E 


NAD 


PCB 


LEN 




DATA 


STATUS 




EDC 
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oQ NAD et PCB sont les memes que dans le message de 
commande et LEN egal a Le : nombre d' octets de la 
reponse DATA, 

Ainsi pour chaque instruction, la couche de 
5 communication permet, selon le type d ' instruction, 
d'aller chercher dans les differents champs du bloc de 
donnee INF de la commande, les informations necessaires 
pour que le systeme d 1 exploitation du microordinateur 
puisse executer 1' instruction qu'il reconnait. 
10 Dans un autre exemple ou on veut effectuer une 

ecriture, la structure du message sera 

P INF E 



NAD 


PCB 


LEN 




CLA 


INS 


PI 


P2 




Lc 


DATA 




EDC 



15 

Si l'adresse NAD designe un lecteur de carte 
PCMCIA, on extrait du corps du message INF le numero du 
secteur a ecrire (PI, P2), le nombre de donnees (Lc) et 
les donnees (DATA) a y ecrire pour les transmettre a la 
20 carte PCMCIA. Celle-ci revoie simplement un code d'etat 
indiquant la bonne operation ou une erreur d' execution 
vers la couche de communication de l 1 invention. Celle-ci 
presente alors la reponse selon le format requis de 
reponse avec couche de transport, soit ici : 



p 




INF 


E 


NAD 


PCB 


LEN 




STATUS 




EDC 



oQ LEN est alors &gal au nombre d' octets du code d'etat 
STATUS . 

30 Selon 1' invention, quel que soit le type de support 

amovible utilise dans le microordinateur, un programme 
applicatif n' utilise qu'un seul protocole de communica- 
tion. 
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Dans le cas oil le support amovible est une carte 
PCMCIA intelligente, on prevoit que le message lui est 
envoye directement au format ISO. La determination du 
caractere intelligent de la carte PCMCIA se fait alors 
5 par exemple par lecture d 1 une adresse memoire 
particuliere de la carte PCMIA. 

On obtient ainsi avantageusement un seul protocole 
de communication quel que soit le type de support et 
quel que soit le type de lecteur dans lequel le support 
10 est insere. 
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REVENDICATIONS 



1. - Procede de communication entre une unite de 
traitement associee a un programme applicatif et des 
supports d f informations portatifs de types differents, 
caracterise en ce qu'il consiste a a j outer une couche de 

5 communication entre le programme applicatif et les 
supports, afin de n'utiliser qu'un seul protocole de 
communication dans le programme applicatif pour acceder 
aux supports quel que soit leur type. 

2. - Procede de communication selon la revendication 
10 1, caracterise en ce que la couche de communication met 

en oeuvre les etapes suivantes sur reception d ( un 
message du programme applicatif : 

- extraction dans le message de l'adresse du lecteur; 
detection de presence d'un support a cette adresse 

15 et identification du type correspondant ; 

- dans le cas oH le support est du type carte a puce 
a contacts affleurants ou carte a memoire intelli- 
gente a connecteur en bout, transmission directe du 
message au support ; 

20 - dans le cas oQ le support est du type carte a 

memoire a connecteur en bout, analyse du message et 
codage pour le rendre compatible avec le support. 

3. - Procede de communication selon la revendication 
2 , caracterise en ce que la couche de communication met 

25 en oeuvre les stapes suivantes sur reception d'un 
message du support : 

- identification du type du support; 

- dans le cas oil le support est du type carte a puce 
a contacts affleurants ou carte S memoire a connec- 

30 teur en bout intelligente, transmission directe du 

message au programme applicatif; 
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- dans le cas oil le support est du type carte a 
memo ire a connecteur en bout, analyse du message et 
codage pour le rendre compatible avec le programme 
applicatif . 

4. - Procede de communication selon la revendication 
2 ou la revendication 3, dans lequel le lecteur comporte 
deux types de connecteur pour lui permettre de recevoir 
soit une carte a puce a contacts affleurants, soit une 
carte a memo ire a connecteur en bout, caracterise en ce 
que la detection de presence consiste a aller lire une 
information de presence sur chacun des connecteurs, 
identifiant ainsi le type de la carte qui a ete intro- 
duite, 

5. - Procede de communication selon la revendication 
4, caracterise en ce que, lorsque le type identifie est 
la carte a memoire a connecteur en bout, on effectue une 
lecture a une adiresse particuliere de cette carte pour 
determiner si cette carte est intelligente ou non. 
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© An improved security system, including a porta- 
ble smart card (500) and a host computer (600), 
eliminates the need for the computer to store individ- 
ual personal identification (ID) numbers for each user 
seeking access to the computer. Instead, the com- 
puter stores a first encryption algorithm Ei used in 
converting a particular identification number (ID) 0 
into a secret code S n for that particular user. S n also 
exists within the memory of the smart card having 
been loaded into its memory at the time of issue. A 
challenge number C is generated by the computer 
and transmitted to the smart card. Within the smart 
card and the computer, microprocessors respond to 
the challenge number C f the secret code S n . and a 
second encryption algorithm E2 in order to generate 
response numbers R„ and R' n respectively. There- 
after, R„ Is transmitted to the computer where It is 
compared with r'„. A fav rable comparison Is n c- 
essary for gaining access to the computer. 
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DATABASELESS SECURITY SYSTEM 



Technical Field 



The present invention relates to a system for 
granting access to a secure facility, and more 
particularly to an authentication procedure. 

Background of the Invention 



A challenge for those who provide secure facili- 
ties is to exclude all unauthorized persons seeking 
entry while simultaneously making authentication 
procedures as convenient as possible for both au- 
thorized persons and facility administrators. Such 
goals are frequently incompatible with each other. 

The use of a password is perhaps the simplest 
and least expensive technique for providing access 
security. Additionally, passwords are relatively easy 
to change. However, there are problems with pass- 
words; when they are fixed for long periods of time 
the chances of guessing them are improved; and 
when they are changed too frequently, they are 
forgotten by the rightful users. Further, when pass- 
words are transmitted across an interface, they can 
be intercepted by anyone with the proper monitor- 
ing equipment. 

In one known system, a common secret code 
is stored within each of two devices (key and lock). 
The secret codes are logically combined with a 
random number, available to each device, and the 
resulting numbers are compared with each other 
for identity. This technique is generally employed 
by various data communication systems (see e.g. 
"Locking Up System Security " - Electronics Week 
February 18. 1985 regarding Intel Corporations 
27916 KEPROM™ Keyed Access EPROM). Ad- 
vantageously, the secret code itself needs never be 
transmitted so that an electronic intruder, monitor- 
ing interface signals, sees only the random data 
(challenge) and the modified random data 
(response) which are insufficient to teach the cor- 
rect response to subsequent challenges. Unfortu- 
nately, this technique stores the same secret code 
in all keys which precludes selective revocation of 
lost or stolen keys. 

One way to prevent tampering with private 
information in electronic systems is the use of 
cryptosystems (i.e., methods for encrypting, or 
transforming, information so that it is unintelligible 
and, therefor , useless to thos who are not meant 
to have access to it). Ideally, the transformation of 
the information is so complicated that it is beyond 
the economic means of an eavesdropper to rev rse 
the process. The eavesdropper is therefore not 
inclined to become an intruder who not only would 



compromise the confidential nature of the stored 
information, but also might engage in forgery, van- 
dalism and theft. A popular technique, known as 
public-key cryptography, relies on the use of two 

5 keys - one to encode the information and another 
to decode it. These keys are related in the sense 
that they serve to specify inverse transformations; 
however, it is computationally infeasible to derive 
one key from the other. That being the case, one of 

w the keys can be made public for improved conve- 
nience without compromising the security of such a 
system. Applying public-key cryptography to the 
challenge of excluding unauthorized persons seek- 
ing entry to a secure facility, the party seeking 

is entry would use his private key to encrypt 
(authenticate) a message. The party receiving the 
encrypted message would use the public key of 
the transmitter to decrypt the incoming message in 
order to transform it to its original text. A discus- 

20 sion of such systems is contained in the August, 
1979 issue of Scientific American in an article by 
Martin E. Hellman entitled "The Mathematics of 
Public-Key Cryptography. 1 ' An example of a public- 
key system is disclosed in U.S. Patent 4,453,074 

25 issued to S. B. Weinstein for a "Protection System 
for Intelligent Cards.** Unfortunately, in public-key 
systems, the party receiving the encrypted mes- 
sage must maintain a database that contains the 
public keys of all parties having authorization to 

30 enter the secure facility. 

One particularly promising system involves the 
use of a password along with a smart card that 
exchanges data with an authentication device dur- 
ing an authentication procedure. It is noted that the 

35 smart card contains a processor and a memory; it 
is portable and frequently has the shape of a 
conventional credit card. Security is improved by 
requiring the holder of the smart card to remember 
a password. This password can either be sent to 

40 the smart card enabling it to exchange data with 
the authentication device, or the password can be 
sent directly to the authentication device itself. In 
either case, two conditions must now be satisfied: 
something in the user's head and something in the 

45 user's hand. 

A known system stores an identification (ID) 
number within each smart card which is transmitted 
to the authentication device in order commence the 
authentication procedure. Th authentication device 

so scrutinizes the ID number to determine whether it 
corresponds to a presently valid ID number and 
then commences the authentication procedure oniy 
when the result is affirmative. Such a system is 
disclosed in U.S. Patent 4,471,216. While personal 
identification numbers additionally offer the ability 
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to improve flexibility (e.g.. expiration date may be 
built into the ID itself), the storage of each individ- 
ual ID number in the auth ntication device requires 
significant memory space. For example, storing 
25.000 user keys, each 8 bytes long, requires 200K 
bytes of memory. Further, each time a new smart 
card is issued, the memory of the authentication 
device must be updated to recognize it. This is 
particularly impractical in a distributed system 
where, for example, the authentication device is 
used in connection with room or building access 
Even when the authentication device comprises a 
host computer that is easily updated, it is un- 
desirable from a security standpoint to store all ID 
numbers therein because they might be compro- 
mised if someone found a way to break into the 
computer. 



Summary of the Invention 

A security system includes a portable object 
such as a smart card, and an authentication device 
for electrically interacting with the portable object 
to regulate access to a secure facility. An iden- 
tification number (ID)„ is presented to the authen- 
tication device which uses an encryption algorithm 
Ei. to convert it into a secret code S„. The authen- 
tication device also generates a challenge number 
C, which is transmitted to the portable object 
Stored within the portable object is secret code S 
and encryption algorithm E 2 which are used to- 
gether with the challenge number C to create a 
response signal R„. Stored within the authentication 
device is encryption algorithm E 2 . which is used 
together will, secret code Sn and the challenge 
number C to create response signal Ft.. A favorable 
comparison between R„ and r'„ is necessary to 
gain access to the secure facility. 

In an illustrative embodiment of the invention. 
Ei and E 2 are identical processes that use different 
master strings (secret keys) to transform a first 
binary number into a second binary number. 
Knowledge of the encryption algorithm, however, is 
insufficient for an intruder to determine the master 
stnng. The present invention illustratively uses the 
Data Encryption Standard (DES) in the implementa- 
tion of Ei and E 2 . 

In a preferred embodiment of the invention, 
challenge number C is a 64-bit random number. 
Such numbers are generally non-repeating and en- 
hance security by virtue of th ir non-predictable 
character. 

The present inv ntion advantageously regu- 
lates access to any on of a number of protected 
resources Including information, cash, and physical 
ntry into a facility without r quiring th transmis- 
sion of secret Information across an Interfac . Im- 



portantly, the present invention eliminates (he need 
to store and administer identification information 
regarding each user entitled to access to the pro- 
tected resources. 
« « is a feature of the present invention that 

multiple secret codes are easily stored within a 
smart card, each providing access to a different 
facility, or backup access to the same facility in the 
event of a security breach (e.g.. the master string 
>o becomes known). In the situation that security is 
breached, new secret codes can be derived at the 
authentication device by merely using a new mas- 
ter string. Such new secret codes would have al- 
ready been stored within each smart card at the 
'5 time of issue as a precautionary measure Thus 
should security become compromised, new smart 
cards do not need to be issued. 

These and other features of the present inven- 
tion will be more fully understood when reference 
20 is made to the detailed description and associated 
drawing. 



as 



Brtef Description of the Drawing 



FIG. 1 is a flow diagram illustrating the various 
steps performed in practicing the invention; 
FIG. 2 is a flow diagram of the enciphering 
computation of the Data Encryption Standard; 
30 FIG. 3 is a block diagram that illustrates the 
calculation of f(R,K) used in the Data Encryption 
Standard; 

FIG. 4 discloses selection table S, used in the 
Data Encryption Standard; 
as FIG. 5 is a block diagram representation of the 
major functional components of a smart card 
system and their general interconnection with 
each other; 

FIG. 6 illustrates use of the present invention in 
<o a computer access security system in accor- 
dance with the invention; 
FIG. 7 illustrates use of the present invention in 
a premises access security system in accor- 
dance with the invention; 
"s FIG. 8 discloses the functional components of a 
door lock such as used in connection with FIG. 

FIG. 9 illustrates the structure of a master string 
used in the encryption process; 
so FIG. 10 Illustrates the structure of a challenge 
signal including information regarding the selec- 
tion of the secret code to be used during the 
encryption process; and 

FIG. 11 discloses a pseud -random number 
ss generator suitable for use as a challenge num- 
ber generator. 



Detailed Description 
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GENERAL 



Referring to FIG. 1. there is disclosed a dia- 
gram which illustrates the salient features of the 
invention in modified flow chart form. The mechani- 
cal analog of a key and a lock is useful in connec- 
tion with FIG. 1 because smart card 500 functions 
as a key and authentication device 700 functions 
as a lock. Since the authentication process requires 
activity on the part of both the smart card and the 
authentication device, the activity associated with 
each part is segregated to assist the reader in 
understanding the invention. Although not requned 
in the practice of the invention, security is en- 
hanced by requiring the holder of the smart card to 
enter a password into the smart card, enabling it to 
commence the authentication process by transmit- 
ting a personal identification number (ID) n to au- 
thentication device 700. Alternatively, the holder of 
the smart card could directly transmit (ID) n to the 
authentication device 700. In either case, the fol- 
lowing steps describe the authentication process: 
(1) In response to the receipt of a signal such as 
(ID)„, box 740 recognizes the signal and initiates 
the generation of a challenge number. Additionally, 
secret code S 0 is created (box 710) using encryp- 
tion algorithm Ei (box 730) and the proffered per- 
sonal identification number (ID)„. (2) Challenge 
number C is generated (box 750). transmitted to 
smart card 500. and used internally (box 720). Note 
that a valid ID number is not required to initiate the 
generation of a challenge number - a feature that 
helps preserve confidentiality of the ID number. (3) 
Both the smart card 500 and the authentication 
device 700 (box 563 and box 720) calculate a 
response (R n and R n respectively) to the challenge 
number. Since secret code S„ and encryption al- 
gorithm E2 are contained in both the smart card 
and in the authentication device, the responses 
should be identical when compared (box 760). (4) 
Block 770 further enhances security, with minimum 
inconvenience to the system administrator, by test- 
ing whether the proffered (ID) n corresponds to a 
lost or stolen card. The list of such cards is pre- 
sumably small and is seldom updated. Once all of 
the above steps have been successfully complet- 
ed, access to the computer is granted, a door is 
opened, a credit transaction is validated, or cash is 
delivered, etc. 

The various boxes need not reside within the 
particular devic as shown in FIG. 1 . For exampi , 
in a numb r of applications, the chall ng number 
generator can be located within the smart card 
wfiile still preserving th benefits of the Inv ntion. 
Indeed, in the peer-to-peer authentication applica- 
tion describ d hereinafter, each smart card con- 
tains a challenge number generator, means for 



comparing response numbers, and the Ei algo- 
rithm including a master string. Further, user inter- 
face 100 can be built into the smart card 500 or the 
authentication device 700. It is an important advan- 
5 tage that the list of valid ID numbers need not be 
stored within the authentication device. It is suffi- 
cient that only the encryption algorithm Ei. original- 
ly used to create S„ from (ID) n , needs to be stored. 
Stored within memory box 550 of smart card 
10 500 is the above-identified personal identification 
number (ID)„ that is unique to that card. Also stored 
within box 550 are one or more secret codes S 0 
and encryption algorithm E2. 

Secret code S n comprises a plurality of binary 
15 digits stored in memory that are not accessible 
from outside the card. Further. S n is written into 
memory at a time when the ID number is first 
assigned by the card issuer. S n is linked to a 
particular personal identification number, designat- 
20 ed, (ID) 0 by the functional relationship S n = Ei - 
(ID)„. What this means is that encryption algorithm 
Ei maps each unique personal identification num- 
ber into a unique secret code. As a practical mat- 
ter, a secret computer program transforms input 
25 signal (ID) n into output signal S n . It is the use of 
this particular transformation that eliminates the 
need to store individual ID numbers. More will be 
said about this later. 

Encryption algorithm E 2 is a computer program 
30 executed by a microprocessor. It is jointly respon- 
sive to secret code S„ and to input binary data 
signal C for generating an output binary data signal 
R 0 . Computation of R n is indicated in box 563 
where C is the challenge number and R n is the 
35 response. For improved security. C is a large non- 
repeating number so that an intruder making a 
large humber of observations of the challenge and 
response will never learn the manner by which they 
are related. So long as C and S„ are finite, how- 
40 ever, it is theoretically possible for the determined 
intruder to learn the correct response to all chal- 
lenges. Nevertheless, with a moderate length se- 
cret code, say 64 bits, there are approximately 18 
x to 18 possible unique secret code combinations. 
45 Even with a computer aided lockpick that tried 10 
billion different combinations every second, it 
would take 57 years to examine all combinations. 
This period could be lengthened substantially if 
additional delay, say 1 second, was introduced 
50 between challenge and response. By way of exam- 
ple, and not limitation, C may be a random num- 
ber, pseudo-random number, or even a time clock 
(year: month: day: hour: seconds: tenths: etc.). 
Stored in box 770 ar the ID numbers of lost 
55 and stolen cards as well as numbers that hav 
expired or, for one reason or another, no longer 
have permission to access the facility. Advanta- 
geously, even though th authentication device 
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"knows" at the outset that the proffered ID number 
is unacceptable, access to the facility is not denied 
until the entire process has been completed. Thus, 
only minimum information is given to potential in- 
truders. Storing a list of unacceptable numbers 
allows customization with minimum susceptibility to 
fraud. There is little or no incentive to increase the 
list of unacceptable ID numbers; while on the other 
hand, a great temptation exists to fraudulently in- 
crease the list of acceptable ID numbers - a temp- 
tation that the present invention eliminates. 

DATA ENCRYPTION STANDARD (DES) 



The purpose of any encryption algorithm is to 
convert confidential information (data) into a form 
that renders it unreadable to all except those who 
know how to decode the message. One simple 
technique involves substituting one letter of the 
alphabet with another for each of the letters. Such 
encryptions, however, are relatively easy to de- 
crypt, even for the unsophisticated intruder. More 
complex techniques have arisen over the years to 
stay ahead of unsolicited decryption experts, and 
the art has progressed to the point that techniques 
exist that are so good that it no longer makes 
sense to try to unravel an encryption signal. One 
such technique that has gained wide acceptance is 
the Data Encryption Standard (DES) that is in- 
tended for implementation in special purpose elec- 
tronic devices. In 1977, the National Bureau of 
Standards (now NIST) issued DES as a Federal 
standard, and the National Security Agency has 
certified new products using the standard. While a 
relatively brief discussion of the application of DES 
to the invention is set forth below, a more com- 
prehensive treatment is set forth in the January 
15,1977 Federal Information Processing Standards 
Publication 46 (FIPS 46), entitled "Specifications 
for the Data Encryption Standard." 

DES is a private-key scheme in which both 
encrypting and decrypting keys are identical and 
secret. DES operates on data in blocks of 64-bits, 
sending it through 16 stages of the algorithm be- 
fore exiting as a 64-bit cipher text. Encryption 
relies heavily on proper management of keys - the 
strings of characters that must be input to the 
algorithms before encryption or decryption can 
tak place. The present invention does not r quire 
d cryption. but rather relies on a comparison be- 
tween two encrypted signals. Encryption algorithms 
Ei and E 2 each use DES to achieve encryption; 
however, the data blocks and keys ar obtained 
from different sources. After a brief xptanation of 
DES is given, it will be applied to the present 
invention. 



A flow diagram that illustrates the sequential 
operations performed in the DES enciphering com- 
putation is shown in FIG. 2. Input box 201 com- 
prises a 64-bit ordered set (vector) of binary digits 

s whose order is rearranged (permuted) according to 
a known pattern in an operation akin to shuffling 
cards. The permuted block of 64-bits is now split 
into two boxes 203 (l_o) and 204 (R 0 ), each com- 
prising 32-bits in an operation akin to cutting the 

w cards. At this point, the card shuffling analogy fails 
because mathematical operations 205 (modulo-2 
addition) and 206 (cipher function f) are introduced 
along with key K. Values for K»... Ki 6 are selected 
in accordance with 16 different predetermined 

is schedules whereby each K n comprises an ordered 
set of 48-bits chosen from the 64-bit key. 

For completeness, the operation of cipher func- 
tion (f) is shown in FIG. 3 where the calculation f(R, 
K) is diagrammatically laid out. In this figure, E 

20 denotes a function which takes a block of 32-bits 
as input and yields a block of 48-bits as output. 
The E function is very similar to the initial permuta- 
tion of box 202, but now certain of the bits are 
used more than once. These blocks of 48 bits. 

25 designated 303 and 304 in FIG. 3, are combined 
by modulo-2 (exclusive or) addition in box 305. 

Selection functions Si,S 2 S 8 take a 6-bit input 

number and deliver a 4-bit output number in accor- 
dance with a predetermined selection table such as 

30 shown in FIG. 4 which discloses the Si, function. 
For example, if S ( is the function defined in this 
table and B is a block of 6 bits, then Si(B) is 
determined as follows: The first and last bits of B 
represent, in base 2, a number in the range 0 to 3. 

35 Let that number be i. The middle 4 bits of B 
represent in base 2. a number in the range 0 to 
15. Let that number be j- Look up in the table the 
number in the iHh row and jHh column. It is a 
number in the range 0 to 15 and is uniquely 

40 represented by a 4-bit block. That block is the 
output Si(B) of Si for the input B. Thus, for input 
011011 the row is 01 (i.e.. row 1) and the column is 
determined by 1101 (i.e., column 13). In row 1, 
column 13 the number 5 appears so that the output 

45 is 0101. Selection functions, Si. S2,... S 8 appear in 
the Appendix of the above-mentioned publication 
FIPS 46. 

Referring once again to FIG. 3, the permutation 
function P is designated 306 and yields a 32-bit 
so output (307) from a 32-bit input by permuting the 
bits of the input block in accordance with table P. 
also set forth in FIPS 46. 



ENCRYPTION ALGORITHMS E, AND E 2 



OES is now applied to encryption algorithm Ei 
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which is used to convert (ID) n into S n . Note that 
when the smart card is issued, it comes equipped 
with S n already stored in its memory. Referenc is 
now made to FIG. 9 which illustrates the structure 
of the master string which compris s 640-bits of 
secret data used by the encryption algorithm E». 
The master string is interpreted as 10 separate 
characters (addressable by digits 0-9). each having 
64 bits of data. The ID number comprises a block 
of 6 digits, each assuming some value between 0 
and 9 inclusive. In the following example, encryp- 
tion algorithm Ei operates on (ID)„ (illustratively set 
equal to 327438) in the manner indicated. The first 
operation requires that the third character of the 
master string be combined with the second char- 
acter of the master string in accordance with the 
DES enciphering computation. This operation is 
denoted d(3.2) where 3 is treated as the data block 
and 2 is treated as the key. The operation per- 
formed is shown in FIG. 2 in which the 64-bit 
number corresponding to the third character of the 
master string is used as input 201, the 64-bit 
number corresponding to the second character of 
the master string is used as K, and output 210 is a 
64-bit number (designated "A") that will be used in 
a second operation. 

The second operation performed is similar to 
the first except that "A" is combined with the 
seventh character of the master string in accor- 
dance with the OES enciphering computation. This 
operation is denoted by d(A,7) where A is a 64-bit 
number used as input 201, and the 64-bit number 
corresponding to the seventh character of the mas- 
ter string is used as K. The operation performed is 
shown in FIG. 2 and output 210 is a 64-bit number 
(designated "B n ) that will be used in a third opera- 
tion. 

These operations continue until all of the digits 
of (ID) n are used. The last operation, d(D,8), results 
in a 64-bit number which is used as the secret 
code S n . Accordingly, in this example, encryption 
algorithm E, uses the digits of (ID) n to index char- 
acters of the master string. The DES enciphering 
computation shuffles these secret keys in a known, 
but non-reversible, manner to generate S„. 

DES is now applied to encryption algorithm E2 
which is used to convert S n and C into a response 
number R 0 (within the smart card), or r' 0 (within 
the authentication device). S n and C each comprise 
a 64-bit number which makes them ideally suited 
for the encryption computation shown in FIG. 2. 
Indeed, S„ and C are "shuffled M in accordance with 
the DES enciphering computation describ d above 
(see FIG. 2), and output box 210 now contains a 
64-bit number designated R n or r'„. These num- 
bers are ther after compared, and when they are 
identical the smart card is deemed to be authen- 
ticated. Although the DES nciphering computation 



is illustratively shown, it is understood that other 
enciphering computations, having greater or lesser 
complexity, may be used without departing from 
the spirit of the invention. 

5 

CHALLENGE NUMBER GENERATOR 



10 There are many techniques for generating suit- 
able challenge numbers. Ideally such numbers are 
long, non-predictable, non-repeating and random. 
One known technique involves periodically sam- 
pling the polarity of a noise source, such as an 
zs avalanche diode, whose average dc output voltage 
is zero. As discussed above, the challenge number 
generator 750 (FIG. 1) may generate a random 
number, a pseudo-random number, or even a pre- 
dictable number - depending on the degree of 

20 security warranted in the given application. One 
challenge number generator is shown in FIG. 11 
which provides a pseudo-random number at its 
serial data output The generator comprises a 64- 
stage shift register whose output is modulo-2 com- 

25 bined (via Exclusive-OR gates 111,112) with var- 
ious of its stages and then fed back to the input of 
the generator. Although the serial data output pat- 
tern is very long (potentially generating all possible 
combinations of 64 bits), it eventually repeats itself. 

30 Nevertheless, by accelerating the clock rate at 
times when a challenge number is not needed, it 
would be most difficult to predict which particular 
combination of 64 bits was coming next. 

The randomness of the challenge number is 

35 further improved by using the DES enciphering 
computation shown in FIG. 2. Here, the Parallel 
Data Output (Xo, ... Xgq) of the pseudo-random 
number generator shown in FIG. 11 is used as 
input 201 in FIG. 2, while one character of the 

40 secret master string is used in obtaining the var- 
ious values for K. Recall that values for Ki... K )G 
are selected in accordance with 16 different pre- 
determined schedules whereby each K„ comprises 
an ordered set of 48-bits chosen from a 64-bit key. 

45 Since the software needed to implement DES, or 
the particular encryption algorithm used, is already 
in place in both the smart card and in the authen- 
tication device, it is cost effective to use it in 
connection with the generation of a challenge num- 

50 ber. Indeed, if DES is used in forming the chal- 
lenge number, it would be sufficient to increment a 
register each time a new challenge number is 
ne ded. and then use that number, rather than 
Xo.... Xsa.as input 201 in FIG. 2. 
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Referring now to FIG. 5 there is disclosed a 
block diagram of a smart card 500 and a 
reader/writer unit 900 such as used in connection 
with the present invention. Although shown in 
greater detail in U.S. Patent 4,798,322, a brief 
description is presented here. Some of the princi- 
pal components located on smart card 500 are 
microprocessor 560, electrically erasable program- 
mable read-only memory (EEPROM) 550, analog 
interface circuit 540, secondary winding 521 of 
transformer 920, and capacitive plates 541-544. 

Microprocessor 560 includes a central process- 
ing unit and memory means in the form of random 
access memory and read-only memory. A micro- 
processor available from Intel Corporation such as 
Part No. 80C51 may be used with the proper 
programming. Operating under firmware control 
provided by its internal read-oniy memory, the 
microprocessor 560 formats data to the EEPROM 
550 and to the reader/writer unit 900 via the analog 
interface circuit 540. EEPROMS are available from 
a number of suppliers, many of whom are men- 
tioned in an article entitled "Are EEPROMS Finally 
Ready to Take Off" by J. Robert Lineback, Elec- 
tronics. Vol 59. No. 7, (Feb 17,1986), pp. 40-41. 
Data may be written to or used from an EEPROM 
repeatedly while operating power is being applied. 
When operating power is removed, any changes 
made to the data in the EEPROM remain and are 
retrievable whenever the smart card 500 is again 
powered. 

The analog interface circuit 540 provides a 
means for interfacing smart card 500 with 
reader/writer unit 900. Within analog interface 540 
are circuits responsive to capacitors 541-544, for 
exchanging data with reader/writer unit 900. Power 
for operating the card 500 is provided to the analog 
interface circuit 540 via inductive transfer, received 
by the secondary winding 521 of transformer 920. 
This transformer is formed when secondary wind- 
ing 521 is coupled to a primary winding 921 within 
the reader/writer unit 900. The transformer 920 
may advantageously include a ferrite core 922 in 
the reader/writer for increased coupling between 
the transformer primary winding 921 and secon- 
dary winding 521. A second such core 522 may 
also be included in the transformer 920 to further 
increase coupling efficiency. The primary winding 
921 is driven at a 1.8432 MHz rate by power 
supply 930 whose operation is described with par- 
ticularity in U.S. Patent 4,802,080 issu d January 
31,1989. 

Within the read r/writer unit 900, analog inter- 
face circuit 940 exchanges data with th smart card 
500 under control of microprocessor 960. Capacitor 
plates 941-044 are aligned with the mating capaci- 
tor plates 541-544 within the smart card 500. The 
input/output serial data interface 950 is basically a 



universal asynchronous receiver transmitter ^UART) 
which may be advantageously included in the 
microprocessor 960. This UART is used for exter- 
nally communicating with a suitably configured ap- 

s plication station 990. 

Application station 990 represents any one of a 
variety of stations, terminals or machines capable 
of interacting with the reader/writer unit 900 for the 
purpose of selectively granting access to the re- 

w sources which it controls such as cash, premises 
access, information in a computer, credit authoriza- 
tion for a telephone call or the purchase of goods, 
etc. Stored within the application station is the 
computational power to carry out the authentication 

75 procedure disclosed in FIG. 1. Reader/writer unit 
900 may itself be part of the application station 990 
and its microprocessor 960, when provided with 
sufficient memory, is suited to carry out the au- 
thentication procedure. Also stored within the ap- 

20 plication station is the appropriate hardware to 
open a lock or remit cash. Such hardware is well 
known by those in the particular art to which the 
application station pertains. A discussion of certain 
of these applications follows. 

25 

APPLICATIONS 



30 

Computer Access Security System 

FIG. 6 discloses one application of the present 
invention in a computer access security system. In 

35 this system, terminal stations 101 and 102 provide 
access to host computer 600 so long as the user 
can be authenticated. In one situation, the user 
inserts his smart card 501 into a terminal security 
server (TSS) 610 for the purpose of verifying that 

40 he is entitled to access host computer 600. 
Modems 641 and 643 are frequently needed to 
adapt digital signals to transmission over public 
- switched network 650. At the host location, host 
security server (HSS)630, together with host smart 

45 card 503, grants access only to authorized users. 
In this application, TSS 610 includes a reader/writer 
unit 900 such as shown in FIG. 5, that interacts 
with smart card 501 to exchange electrical signals 
between the smart card and a particular application 

so station. The user transmits his password to smart 
card 501 via t rminal station 101 which commen- 
ces the authentication process with HSS 630 and 
host smart card 503. Security is improved by stor- 
ing the authentication algorithms and mast r 

55 strings within smart card 503 rath r than in the host 
computer. Whereas a super-user might be able to 
access secret codes stored within the host com- 
puter 600, the host smart card Is configured to only 
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grant or deny access; secret information within the 
card 503 is not available to anyone after it has 
been entered. Since individual user ID numbers do 
not have to be stored in the present invention, it is 
possibl to handle the authentication of vast num- 
bers of users with minimal storage so that smart 
cards using EEPROMS of moderate size, say 2048 
bytes, are adequate for the task. The authentication 
process performed in this application is the same 
as discussed above using DES or another suitable 
enciphering computation. 

Variations of this system include the situation 
where the TSS 610 is replaced by a portable 
security server (PSS) 620. Here, the user types his 
identification number (ID) n into terminal station 102. 
(ID) n is then transmitted to HSS 630 which includes 
host smart card 503. HSS 630 returns a challenge 
number which is displayed on terminal station 102. 
The user then enters this challenge number into 
PSS 620 using keys 622. Contained within PSS 
620 is smart card 502 which stores secret code S n 
and encryption algorithm E 2 . It computes a re- 
sponse R n to the challenge number and displays it 
on liquid crystal display 621. Thereafter, the user 
enters R n into terminal station 102 and awaits ac- 
cess to host computer 600. Clearly, each terminal 
station 101,102 could contain the equipment pres- 
ently housed within TSS 610 or PSS 620. 



Premises Access Security System 

An important application of the present inven- 
tion is in connection with the replacement of con- 
ventional door locks and mechanical keys where 
high security is important. Smart cards are useful 
in this application because they can be selectively 
revoked and adapted for use oniy during predeter- 
mined hours. Further, they can be programmed to 
commence or expire on certain dates. The present 
invention is particularly advantageous in such a 
distributed system because the identity of each 
newly authorized user does not have to be commu- 
nicated to each lock, although information regard- 
ing users no longer having authorization must be 
so communicated. The security of microwave 
"huts," which control vital junction points in the 
national telecommunication network, is of critical 
importance. Such locations warrant greater protec- 
tion than easily duplicated mechanical keys can 
offer. 

An example of a premises access security 
system is shown in FIG. 7 which illustrates another 
application of the present invention. Door 830 pro- 
vides entry to a s cur location such as a room or 
a building. Outsid handle 850 does not normally 
operate the lock, but is provided m rely for conv - 
niently pushing or pulling n the door once the lock 



is open. A bolt assembly is driven by an inside 
handl (not shown) and includes a protrusion 840 
which engages a strike 995 positioned in the door 
jamb. In th embodiment of FIG. 7, th strik itself 

s is activated to permit the opening and closing of 
the door. Alternatively, the bolt within the door 
could have been controlled in accordance with the 
invention. Lock 800 is positioned adjacent the door 
jamb on wall 820 and includes a slot 810 for 

w inserting an electronic key. 

Referring now to FIG. 8, additional detail is 
provided regarding the hardware needed to support 
this particular application. In order to obtain access, 
the user first inserts his key 500 (smart card) into 

is slot 810 (see FIG. 7) of lock 800. Once the key 500 
is in contact with reader/writer unit 900, as dis- 
cussed in connection with FIG. 5, authentication 
can begin. The user enters his password using the 
switches 120 on user interface 100 which is trans- 

20 ferred to key 500 via reader/writer unit 900. If the 
entered password matches the password stored in 
memory 550 of key 500, then the key transmits its 
identification number (ID) n to application station 
990, and more particularly to authentication device 

25 700 which carries out the authentication procedure 
discussed in connection with FIG. 1. In the event 
that the key is authenticated, processor 760 deliv- 
ers a pulse to relay driver 770 which activates relay 
780 thereby closing contact K1. Power is now 

30 applied to electric strike 995 which enables the 
door to be pulled open. A suitable transducer for 
carrying out this function is the Model 712 Electric 
Strike, manufactured by Folger Adam Co. that re- 
quires 12 volts DC at 0.3 amperes. Information 

35 regarding door entry may be delivered to the user 
on display 110 of the user interface 100. Such 
information might include prompts for using the 
system, a message that the key has expired or that 
the password should be re-entered. Processor 760 

40 includes memory for storing encryption algorithms 
Ei and E2 as well as a list of lost/stolen keys and 
those ID numbers that have been granted access 
to the facility over some time period. Such informa- 
tion can be delivered to, and displayed on. user 

45 interface 100 when properly commanded. 



Multiple Secret Codes 

so In accordance with the present invention, the 

smart card may be used in connection with a 
plurality of authentication devic s in which each 
device grants access to different user population. 
This is made possible by storing a plurality of 

55 secret codes within each smart card - very much 
like having a number of different keys on a singl 
key ring. Knowing which secret code to use is 
communicated to the smart card when the chal- 
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leng is delivered. Recall that challenge C com- 
prises a 64-bit (8 byte) random number in the 
preferred embodiment. An additional byte (header) 
is added to the challenge, as shown in FIG. 10, that 
selects one of the secret codes S„ stored within the 
memory of the smart card. Here, the header cor- 
responds to the address of the particular secret 
code to be used in providing the correct response 
to the challenge. An 8-bit header accommodates 
256 different secret codes, many of which may be 
used to enhance the security of a single authen- 
tication device. Perhaps 2 or 3 different challenges 
might be issued in an extremely high security 
application. In situations where 64-bits of random 
data are not necessary, various bit positions of the 
challenge number can be dedicated to identifying 
the particular secret code to be used. 

Peer-to-Peer Authentication 

In a number of situations, it is desirable for 
authentication to proceed between two members of 
a population who desire to exchange secret infor- 
mation after the identity of each member is verified 
to the satisfaction of the other. The present inven- 
tion is useful in this regard because it does not 
require storage of the identification numbers of all 
members of the population. However, each of the 
smart cards must generate a challenge signal, 
store secret code S n as well as encryption al- 
gorithms Ei and £2, and compare response num- 
bers with R„ with R n . Authentication proceeds in a 
manner similar to the procedure of FIG. 1, except 
that the combined functions of smart card 500 and 
authentication device 700 are now contained within 
a single, more powerful smart card. After the first 
smart card authenticates itself to the second, the 
second smart card authenticates itself to the first. 
This assures the first user that he has reached the 
correct destination, and it assures the second user 
that the person seeking access is entitled to it. 
Since each smart card now carries the secret mas- 
ter string, security is potentially weakened. How- 
ever, the master string is not retrievable from mem- 
ory and cannot be determined by trial and error 
within a reasonable time. 

Modifications and variations of the present in- 
vention are possible and include, but are not limit- 
ed to. the following: (i) smart cards are portable 
devices that may assume any convenient shape; 
(H) smart cards may include metallic contacts al- 
though the disclosed contactless interface offers 
great resistance to external contaminants and elec- 
trical discharge; (iii) challenge numbers need not 
be random or ev n s cret, although some degrada- 
tion to security is inevitable; and (iv) encryption 
algorithms E1 and E 2 may be I ss complex than 



DES and may even b implemented in hardware 
comprising no more than an Exclusive-OR gate. 



5 Claims 

1. A system for controlling access to a secure 
facility, the system including a portable object 
(500) and means for transferring data between the 

10 portable object and the facility, 
the facility comprising: 

memory means for storing encryption algorithms 
Ei and E2; 

means (750) for generating a challenge number 
*s (C); 

means responsive to an identification signal (ID)- 
subn that identifies the particular portable object 
(500) seeking to gain access to the facility, and to 
encryption algorithm Ei for generating a secret 

20 code (S„); 

means (720) responsive to the challenge number 
(C). to the secret code (S„) and to encryption 
algorithm E2 for generating a first response signal 
(R' n ); means (760) for comparing the first response 

25 signal (R'„) with a second response signal (R n ) 
generated by the portable object, and for providing 
an enabling signal when the comparison is favor- 
able; 

the portable object (500) comprising: 

30 memory means (550) for storing the secret code 
(Sn)and the encryption algorithm E 2 ; and 
means (563) responsive to the secret code (S n ). to 
the challenge number (C) received from the facility, 
and to encryption algorithm E2 for generating a 

35 second response signal (R n ) and transmitting same 
to the facility. 

2. The system of claim 1 wherein the facility further 
includes: 

means for storing a list of identification numbers 
40 not entitled to access the secure facility; and 

means (770) for determining correspondence be- 
tween the stored list of identification numbers and 
the identification signal that identifies the particular 
portable object seeking access to the facility, and 
45 for denying access to the facility when such cor- 
respondence exists. 

3. The system of claim 1 wherein the means (710) 
for generating the secret code (S n ) comprises a 
first processor, jointly responsive to the identifica- 

50 tion signal and to a secret master string, for ex- 
ecuting a predetermined sequence of steps in ac- 
cordance with ncryption algorithm Ei. 

4. The system of claim 1 wherein the means (720) 
for generating the first response signal comprises a 

55 first processor, jointly responsive to the secret 
code (S„) and to the challenge number (C), for 
executing a predetermined sequence of steps in 
accordance with encryption algorithm E2. 
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5. The system of claim 1 wherein the means (563) 
for generating the second response signal com- 
prises a second processor, responsive to the se- 
cret code and to the challeng number, for execut- 
ing a predetermined sequence of steps in accor- 
dance with encryption algorithm E 2 . 

6. The system of claim 3 wherein encryption al- 
gorithm Ei is a process for encrypting data in 
accordance with the Data Encryption Standard. 

7. The system of claim 5 wherein encryption al- 
gorithm E 2 is a process for encrypting data in 
accordance with the Data Encryption Standard. 

8. The system of claim 1 wherein the challenge 
number is substantially random. 

9. A method for testing the authenticity of a porta- is 
ble electronic device (500) and for enabling access 

to a secure facility when the portable electronic 
device is authentic, the method comprising the 
steps of: 

storing encryption algorithms Et and E 2 ; 20 
receiving an identification signal (ID) n that identifies 
the particular portable electronic device seeking 
access to the facility; 

generating a secret code (S n ) in accordance with 
encryption algorithm Ei using the identification sig- 25 
nal as an input; 

generating a challenge number (C) and transmitting 
same to the portable electronic device^ 
generating a first response signal (R „) in accor- 
dance with encryption algorithm E 2 using the se- 30 
cret code and the challenge number as inputs; 
comparing the first response signal (R n ) with a 
second response signal (R n ) generated by the por- 
table electronic device; and 

enabling access to the secure facility when the 35 
comparison is favorable. 

10. The method of claim 9 further including the 
steps of: 

storing a list of identification numbers not entitled 
to access the facility; and 4 ° 
denying access to the facility when the received 
identification signal corresponds to a identification 
number stored on the list of those not entitled to 
such access. 
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